Device for processing data packets

ABSTRACT

The invention relates to a device (1) for processing data packets, comprising identification means (14) for identifying a data packet, processing means (11, 12) for cryptographically processing the data packet, and memory means (13) for storing information relating to the processing, in which device the processing means comprise at least a first (11) and a second (12) processing unit. Control means (14) are provided to assign, on the basis of the identification of a data packet, said data packet to one of the processing units and to process said data packet with the aid of information related to said data packet. Preferably, at least one processing unit (11; 12) is designed to encrypt or decrypt data packets, and the information relating to the processing comprises a key and a status of a processing procedure.

BACKGROUND OF THE INVENTION

The present invention relates to a device for processing data packets. More in particular, the present invention relates to a device for cryptographically processing data packets, said device comprising identification means for identifying a data packet, processing means for cryptographically processing the data packet, memory means for storing information relating to the processing, and control means for selecting information related to the data packet. A device of this type is disclosed in the Specification of U.S. Pat. No. 5,048,087.

In practice it is known to arrange for data communication, including telephony, to take place by means of data packets. Diverse techniques for data communication with the aid of data packets, such as X.25 and ATM ("asynchronous transfer mode"), are known. The need exists to an increasing extent to secure the data traffic by means of encrypting the messages (data packets). For this purpose, an encrypting device can be incorporated at the transmitting end and a decrypting device at the receiving end in the data connection concerned.

In modern data communication techniques, data packets belonging to a plurality of logical connections are transmitted via a single physical connection. Such logical connections will hereinafter generally be referred to as channels. Thus, for example, in the case of ATM, a plurality of "virtual channels" and "virtual paths" may use the same physical connection. At the same time, there is no fixed correlation between the consecutive data packets, referred to as "cells" in the case of ATM. The channel to which the data packet belongs can be read only from the header of each data packet.

If one or more of said channels is to be secured by encrypting, measures have to be taken to encrypt and decrypt data packets of a particular logical connection in a particular way, for example with a key belonging to the logical connection. For this purpose, the data packets of the different logical connections have to be identified in order to be able to determine the particular channel, and consequently, for example, the associated key, of a particular data packet.

In the device disclosed in U.S. Pat. No. 5,048,087, the identification means are formed by a packet identifier. Stored in a memory is a plurality of keys, one of which is retrieved in each case in order to process a data packet of a particular channel (logical connection) in the cryptographic unit provided therefor. In addition, in the known device, a cryptographic residue is, in each case, retrieved or, respectively, stored in addition to the key. Such a cryptographic residue can represent the status of a cryptographic process by which related data packets are encrypted or decrypted, respectively.

The known device has the disadvantage that it is relatively slow. For each incoming data packet, the matching key and the matching residue have to be loaded on the basis of the identification, after which the cryptographic processing (encrypting or decrypting) takes place. After the processing, the new residue (and possibly the key) has to be stored, in each case, before a subsequent data packet can be processed. It will be clear that the repeated performance, that is to say the performance for each data packet, of said steps takes place at the expense of the processing speed of the known device and, consequently, of the throughput speed of the data packets to be processed.

The storage and retrieval of only a key for each channel, which is disclosed per se, for example, in the publication "Data security in packet switched networks", which is specified in greater detail below, may, in principle, be faster but still requires a relatively large amount of processing time. Such a solution is furthermore unsuitable for cryptographic procedures whose status has to be stored between two processing steps. It is precisely such procedures which are at present much used for encrypting data communication.

International Patent Application WO93/09627 discloses a cryptographic apparatus for use in computer networks. In its key generator, the apparatus comprises pairs of parallel registers each outputting a single key bit. Depending on data packets being designated "local" or "broadcast", the key bits of one of the pairs of registers are used to contribute to the running key encrypting the data packets. This known design is not suitable for cryptographically processing data packets of a large number of channels at a high data rate.

In modern data communication, speed plays an ever greater role. Devices for processing data packets, such as cryptographic devices, therefore have to satisfy ever higher speed requirements. In the known device, which involves reloading and storing related processing information for each data packet, said retrieval and storage of information forms a speed-limiting factor.

SUMMARY OF THE INVENTION

The object of the invention is to eliminate the abovementioned and other disadvantages of the prior art and to provide a device for processing data packets which makes possible a rapid processing of data packets even if a status of a processing procedure has to be stored for each data packet and the data packets belong to different channels. In particular, the object of the invention is to provide a device which is suitable for encrypting and/or decrypting data packets in ATM networks.

For this purpose, the device according to the present invention is characterized in that the processing means comprise at least a first and a second processing unit, and in that the control means are designed to assign, on the basis of the identification of a data packet, said data packet to one of the processing units and to process said data packet with the aid of information related to said data packet. In other words, in the device according to the invention, there is present a plurality of, preferably parallel, processing devices, so that a plurality of data packets can be processed essentially simultaneously. At the same time, the control means are designed such that they assign an identified data packet to a suitable processing unit. A suitable processing unit may be understood as meaning either a processing unit which is available at a particular instant or one in which certain information of a processing procedure is present.

In a first embodiment of the device according to the invention, at least one processing unit is designed to encrypt data packets, while in a second embodiment, at least one processing unit is designed to decrypt data packets. Because the device according to the invention is provided with a plurality of processing units, it is possible both to encrypt and to decrypt data packets in a single device, optionally essentially simultaneously. The device according to the invention can be used not only for cryptographic functions but also for other applications such as parity control of data packets. Advantageously, the processing units are of programmable design, so that various processing procedures can be performed with one processing unit. The programs for performing the processing procedures are advantageously stored in the memory means, so that a suitable procedure can be loaded under the influence of the control means, optionally in conjunction with the identification means.

Preferably, a buffer is provided upstream of the processing units, that is to say between the input of the device and the processing units. Data packets can be temporarily stored in said buffer before they are transferred to a processing unit. The temporary storage provides the control means, in conjunction with the identification means, with the time needed to determine the respective channels of the data packets and to select and optionally adjust a suitable processing unit. In the case of low data speeds, it may be possible to omit the buffer. Optionally, the buffer can be incorporated in the processing units, for example by providing each processing unit with a separate input buffer.

In an advantageous embodiment, the control means are designed to assign data packets which belong to the same channel to the same processing unit. In this way, the processing time for the data packets of said channel is reduced still further.

Advantageously, the device according to the invention can be used in ATM networks. For this purpose, the device can be designed such that a fixed time relationship exists between the arrival and the departure of data packets. Such a fixed time relationship can be achieved by a suitable design of the control means. Optionally, an output buffer can be provided for this purpose, but also to fulfil (other) synchronization purposes.

REFERENCES

[1] J. R. Sherwood, "Data security in packet switched networks", Second IEE National Conference on Telecommunications, York, U.K., 2-5 April 1989.

[2] W. Diffie et al., "Privacy and Authentication: An Introduction to Cryptography", Proceedings of the IEEE, Vol. 67, No. 3, March 1979.

[3] U.S. Pat. No. 5,048,087

[4] WO 90/12465

[5] WO 93/09627

These references are herewith incorporated in this text.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be explained below in greater detail with reference to the figures.

FIG. 1 shows diagrammatically a device according to the invention for processing data packets.

FIG. 2 shows diagrammatically a number of consecutive data packets to be processed.

FIG. 3 shows diagrammatically a data communication system provided with devices according to FIG. 1.

FIG. 4 shows diagrammatically an alternative embodiment of the device according to the invention.

DESCRIPTION OF PREFERRED EMBODIMENTS

The device 1 according to the invention shown diagrammatically in FIG. 1 comprises a buffer 10, a first processing unit 11, a second processing unit 12, a memory 13 and an identification and control unit 14. The processing units 11 and 12 and the memory 13 are connected by a common data bus 15. Data connections are indicated in FIG. 1 by continuous lines and control connections by broken lines.

A data packet which enters the device 1 is first temporarily stored in the buffer 10. During this time, the header of the data packet is copied to the identification unit 14, where the channel (in the case of ATM, the virtual channel or the virtual path) of the data packet is determined. On the basis of this identification, the control unit, which is incorporated in the identification unit in the embodiment shown but can also form a separate unit, activates the other sections of the device 1. If a processing unit (11 or 12) is free, it is given the instruction to receive a data packet. Essentially simultaneously, the buffer 10 is instructed to release the data packet concerned, while the memory 13 is instructed to place the information belonging to said channel (for example, the key and the status of the encrypting/decrypting procedure, and optionally the software of a processing) on the bus 15. Subsequently, the processing unit concerned reads in both the information and the data packet and performs the desired processing, after which the data packet (for example, under the control of the control unit) is transmitted by the processing unit. If said transmission does not take place under the control of the control unit, the processing units are preferably coupled such that they cannot transmit a data packet simultaneously. In order to prevent synchronization problems, for example, it may be advantageous to provide a further buffer (not shown) at the output of the device 1 or to provide each processing unit with its own output buffer.

The device 1 has, according to the invention, at least two (parallel) processing units. As a result, it is possible, in the first place, to process two data packets simultaneously. In this case, said data packets may either be of the same channel or of different channels. It will be clear that the throughput speed of the data packets is substantially increased by the presence of a plurality of parallel processing units. If desired, more than two processing units, such as three, four, five or more processing units may, as was stated above, be used, as a result of which a further increase in speed can be achieved.

In the second place, the presence of two (or more) parallel processing units offers the possibility of processing data packets of a particular channel in one processing unit, while data packets of another channel or of other channels are processed in another processing unit. In other words, the control is designed in such a way that data packets of a particular channel are sent to that processing unit in which a data packet of the same channel has previously been processed. As a result, the processing speed can be increased because loading the information needed from the memory and optionally storing information after processing every time can be omitted in the case of that processing unit. Furthermore there is the possibility of reserving one of the processing units (or, in the case of more than two processing units, several processing units) for a particular channel, for example if a relatively large amount of data packets belong to said channel. Said reservation may optionally take place dynamically, for example on the basis of statistical data stored by the identification and control unit. As a result, the throughput speed can be increased further, at least for the channel concerned. Suitable measures, for example the adjustment of the buffer capacity to the expected quantity of data packets which cannot be processed directly, can be taken for this purpose, if necessary, in the buffer 10.

In the third place, the device according to the invention offers the possibility, for example, of encrypting in one processing unit, while the other processing unit is used at the same instant for decrypting. In other words, with the device according to the invention, it is possible to perform a plurality of processes and different processes simultaneously in one device. At the same time, it is also possible to perform no processing at all in one processing unit at a particular instant, optionally depending on the channel of the data packet concerned. If it is desired not to perform any processing on the data packets in many cases, for example for many channels, it may be advantageous to provide, parallel to the processing units, a connection which connects the buffer 10 directly to the output of the device 1.

It should be pointed out, that in the embodiment shown, one memory is present which is connected via a common data bus to all the processing units, i.e. two in the case shown. It may be advantageous to design the device in such a way that each of the processing units has its own memory, in which case the common data bus may optionally be omitted. However, a common data bus for the two or more processing units provides the possibility for the processing units to exchange data, e.g. cryptographic data.

It is furthermore possible to incorporate the identification unit (the identification means) in the memory 13. In this case, the header of a data packet may, for example, be used to address the memory directly or indirectly (for example, by means of multiplexing).

The device according to the invention may be constructed of standard components. In this connection, reference is made to general handbooks in the field of electronics, such as "The Art of Electronics" by P. Horowitz and W. Hill, Cambridge University Press, 1989. Advantageously, the device may, however, be designed as an ASIC ("application-specific integrated circuit"). The processing units preferably comprise a processor (for example, a microprocessor) for performing the processing. The processing itself may be a known cryptographic processing or a different type of processing. In this context, reference is made to the publication entitled "Privacy and Authentication: An Introduction to Cryptography" by W. Diffie et al. in Proceedings of the IEEE, Vol. 67, No. 3, March 1979 and to the bibliography incorporated therein.

FIG. 2 shows a series of data packets which are being encrypted with the aid of the device according to the invention. Three consecutive data packets 100, 200 and 300 each have a header 101, 201 and 301, respectively, and a data field 102, 202 and 302, respectively. In the example shown, the data packets 100 and 300 belong to the channel A, while the data packet 200 belongs to the channel B. For this purpose, the headers 101, 201 and 301 are provided with suitable identification information.

If the data packet 100 arrives in the device 1 and no other data packet was previously present in one of the processing units 11 or 12, the data packet 100 can be loaded directly into a processing unit, say the processing unit 11, together with the information belonging to the channel A which is retrieved from the memory 13 on the basis of the header 101. As soon as the connection between the buffer 10 or the memory 13 and the processing unit 12 is free, the data packet 200 can be loaded into the processing unit 12. In the meantime, the data packet 100 can be processed. As soon as this processing is completed, the processed data packet 100 can be transmitted. Information relating to channel A, for example the status of the encrypting procedure, has now possibly to be written back into the memory 13, depending on the processing performed. It will be clear that this writing-back and the subsequent retrieval of information relating to another channel can be omitted if the subsequent data packet loaded into the processing unit 11 also belongs to the channel A. In the case shown, the subsequent data packet (300) belongs to the channel A, so that time can in fact be saved since the processing unit 11 is already prepared for processing data packets of channel A. If the data packet were to belong to channel B, it could in some cases be advantageous to allow said data packet to wait in the buffer 10 until the processing unit 12 is free since said processing unit is already prepared for channel B. This could be the case, for example, if a further data packet (not shown) were to belong to the channel A. In order to perform such waiting effectively, the buffer 10 should be provided with adequate buffer capacity. Furthermore, it is advantageous to design the identification unit such that the identity (the channel) of a plurality of buffered data packets can be determined in order to be able to perform the assignment of the data packets to the processing units efficiently.

FIG. 3 diagrammatically shows a data communication system. The system comprises two devices 1 (or 1', see FIG. 4) for processing data packets, the devices being connected by a link 2. With the aid of the device according to the invention, it is possible to transmit a plurality of encrypted logical channels via a single link at a high speed. In the system of FIG. 3, a plurality of devices 1 can, if necessary, be provided, for example in series, in order to be able to perform processes on data packets in a plurality of steps or at a plurality of positions.

The embodiment of the inventive device 1' shown schematically in FIG. 4 comprises, like the embodiment shown in FIG. 1, an input/output buffer 10, a first processing unit 11, a second processing unit 12, a memory 13 and an identification and control unit 14. The device of FIG. 4 is further provided with a system control unit 14', connected with an external data bus or data link 40 by a data bus 18'. This system control unit 14' may serve to control the system the device 1' is a constituent part of. The external bus 40 may, for example, serve to load suitable software and/or commands into the unit 14'.

The data bus 15, connecting the processing units 11 and 12 and the memory 13, is shown in FIG. 4 to consist of three separate parts, but it will be understood that these parts may be interconnected or reconfigured so as to form a data bus 15 consisting of one part only. Data buses 16 connect the units 11, 12 and 14 respectively, on the one hand, with the unit 10 on the other hand. Unidirectional data buses 17 interconnect the unit 10 and an interface unit 19, while unidirectional data buses 18 interconnect the interface unit 19 and an external bus or link 30. The buses 17 and/or 18 may each be configured as a single bidirectional data bus.

The main components of the device, such as the units 10, 11, 12, 14 and 19, may be constituted by programmable gate arrays (PGAs), such as supplied by Xilinx. The memory 13 may be constituted by a random access memory (RAM), and the system control 14' may comprise a microprocessor (e.g. a Motorola 68000), RAM and EEPROM memory.

For (temporarily or permanently) storing the key(s) and status, e.g. the cryptographic residue, relating to a particular channel, the memory 13 is provided. However, an even greater operating speed of the devices 1 and 1' can be achieved if separate buffers are provided for temporarily storing status data, such as a cryptographic residue or a cryptographic initialization value (newstate). Such buffers can advantageously be implemented as registers ("shadow registers") in the processing units 11 and 12. Preferably, the control unit 14 is designed so as to load data relating to a certain cell into a shadow register while the previous cell is still being processed in the processing unit concerned. This loading of data into a shadow register can be done as soon as a data packet has been identified. The data of a shadow register can be loaded into the processing unit proper in a very short time, e.g. one clock cycle, as this loading need not involve the data bus 15.

It will be understood by those skilled in the art that the invention is not limited to the embodiments shown and that many modifications and extensions are possible without departing from the scope of the present invention, as defined by the appended claims.
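The FIG. 2 sequence (packets 100, 200 and 300 on channels A, B and A) as a small Python simulation of the control unit's assignment rule; this is an added example, not code from the patent. The channel names, keys, data fields and the CBC-style toy cipher are constructed placeholders; the point it demonstrates is that packet 300 reuses the processing unit already prepared for channel A with no memory load or write-back, while channel A's residue still chains correctly across its two packets.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BLOCK = 4  # constructed block size in bytes

@dataclass
class Packet:
    channel: str  # channel read from the header (101, 201, 301 in FIG. 2)
    data: bytes   # the data field (102, 202, 302)

@dataclass
class ChannelInfo:
    key: bytes      # key belonging to the channel
    residue: bytes  # status of the encrypting procedure (cryptographic residue)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for a real block cipher: key XOR, then a byte rotation.
    x = xor(block, key)
    return x[1:] + x[:1]

def encrypt_packet(info: ChannelInfo, data: bytes) -> bytes:
    """CBC-style chain: the residue left by the previous packet of the same channel
    feeds the first block, and the last ciphertext block becomes the new residue."""
    if len(data) % BLOCK:
        raise ValueError("data field must be a multiple of BLOCK bytes")
    out, prev = bytearray(), info.residue
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(info.key, xor(data[i:i + BLOCK], prev))
        out += prev
    info.residue = prev  # the status that must survive until the channel's next packet
    return bytes(out)

@dataclass
class ProcessingUnit:
    name: str
    channel: Optional[str] = None       # channel the unit is currently prepared for
    info: Optional[ChannelInfo] = None  # local copy of that channel's key/residue
    loads: int = 0                      # how often it (re)loaded from memory 13

class Device:
    """Control unit 14 with two parallel processing units and a shared memory 13."""

    def __init__(self, memory: Dict[str, ChannelInfo]):
        self.memory = memory
        self.units = [ProcessingUnit("11"), ProcessingUnit("12")]
        self.log: List[Tuple[str, str, bool]] = []  # (channel, unit, reloaded?)

    def dispatch(self, pkt: Packet) -> bytes:
        # Prefer the unit already prepared for this channel (no load, no write-back);
        # otherwise an idle unit; otherwise evict whatever unit 11 holds.
        unit = next((u for u in self.units if u.channel == pkt.channel), None)
        reloaded = unit is None
        if reloaded:
            unit = next((u for u in self.units if u.channel is None), self.units[0])
            if unit.channel is not None:  # write the evicted channel's status back
                self.memory[unit.channel].residue = unit.info.residue
            src = self.memory[pkt.channel]
            unit.channel, unit.info = pkt.channel, ChannelInfo(src.key, src.residue)
            unit.loads += 1
        self.log.append((pkt.channel, unit.name, reloaded))
        return encrypt_packet(unit.info, pkt.data)

    def flush(self) -> None:
        """Write every unit's status back so memory 13 holds the final residues."""
        for u in self.units:
            if u.channel is not None:
                self.memory[u.channel].residue = u.info.residue

def run_fig2() -> Tuple[Device, List[bytes]]:
    """Packets 100 (A), 200 (B) and 300 (A) of FIG. 2 with constructed keys/data."""
    memory = {"A": ChannelInfo(b"KEYA", bytes(BLOCK)),
              "B": ChannelInfo(b"KEYB", bytes(BLOCK))}
    dev = Device(memory)
    packets = [Packet("A", b"cell 100"), Packet("B", b"cell 200"), Packet("A", b"0300")]
    outputs = [dev.dispatch(p) for p in packets]
    dev.flush()
    return dev, outputs
```

Running `run_fig2()` yields a log of ("A", "11", True), ("B", "12", True), ("A", "11", False): only the first packet of each channel costs a load from memory 13, and encrypting channel A's two packets as one uninterrupted chain gives byte-identical ciphertext.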

We claim:
1. Device for cryptographically processing data packets, the device comprising: identification means for identifying a data packet; processing means for cryptographically processing the data packet, wherein the processing means include a first processing unit and a second processing unit; memory means for storing information relating to the processing; and control means for selecting information related to the data packet, wherein the control means are designed to assign, on the basis of the identification of the data packet, said data packet to one of the first and second processing units and to process said data packet with the aid of information related to said data packet.
2. Device according to claim 1, wherein at least one of the first and second processing units is designed to encrypt data packets.
3. Device according to claim 1, wherein at least one of the first and second processing units is designed to decrypt data packets.
4. Device according to claim 2, wherein at least one of the first and second processing units is designed to decrypt data packets.
5. Device according to claim 2, wherein the information relating to the processing comprises a key and a status of a processing procedure.
6. Device according to claim 3, wherein the information relating to the processing comprises a key and a status of a processing procedure.
7. Device according to claim 1, wherein each of the data packets includes a header and an information field, and wherein the identification means are designed to identify a channel to which the data packet belongs on the basis of the header of the data packet.
8. Device according to claim 7, wherein the processing means are designed to process only the information field of a data packet.
9. Device according to claim 7, further comprising a buffer provided upstream of the first and second processing units.
10. Device according to claim 7, wherein the control means are designed to assign subsequent data packets which belong to the channel to the same one of the first and second processing units as the packet.
11. Device according to claim 7, further comprising a common data bus which connects the first processing unit, the second processing unit and the memory means.
12. Device according to claim 7, wherein at least one of the first and second processing units is provided with its own separate memory means.
13. Device according to claim 7, wherein at least one of the first and second processing units is programmable.
14. Device according to claim 7, wherein the data packets are ATM data packets.
15. System for data communication by means of data cells, provided with at least one device for cryptographically processing data packets, the device including: identification means for identifying a data packet; processing means for cryptographically processing the data packet, wherein the processing means include a first processing unit and a second processing unit; memory means for storing information relating to the processing; and control means for selecting information related to the data packet, wherein the control means are designed to assign, on the basis of the identification of the data packet, said data packet to one of the first and second processing units and to process said data packet with the aid of information related to said data packet.
16. A device for cryptographically processing data packets, each of the data packets belonging to at least one of a plurality of channels, the device comprising: identification means for identifying the at least one channel to which a data packet belongs; processing means for cryptographically processing the data packet, wherein the processing means include a first processing unit and a second processing unit; memory means for storing information, associated with each of the plurality of channels, for processing data packets from each of the plurality of channels; and control means for selecting information associated with the at least one channel which the data packet was identified as belonging to, wherein the control means are designed to assign, on the basis of the identification of the data packet, the data packet to one of the first and second processing units and to process the data packet with the aid of the selected information.